lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Jul 2016 11:16:34 +0800 From: Baolin Wang <baolin.wang@...aro.org> To: Felipe Ferreri Tonello <eu@...ipetonello.com> Cc: Felipe Balbi <balbi@...nel.org>, Greg KH <gregkh@...uxfoundation.org>, Michal Nazarewicz <mina86@...a86.com>, r.baldyga@...sung.com, dan.carpenter@...cle.com, USB <linux-usb@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Mark Brown <broonie@...nel.org> Subject: Re: [PATCH v3] usb: gadget: f_midi: Add checking if it need align buffer's size to an ep's maxpacketsize Hi Felipe, On 26 July 2016 at 19:06, Felipe Ferreri Tonello <eu@...ipetonello.com> wrote: > Hi Baolin, > > Sorry for not replying for previous emails because for some reason these > emails were archived. :( > > On 12/07/16 10:01, Baolin Wang wrote: >> Some gadget device (such as dwc3 gadget) requires quirk_ep_out_aligned_size >> attribute, which means it need to align the request buffer's size to an ep's >> maxpacketsize. >> >> Thus we add usb_ep_align_maybe() function to check if it is need to align >> the request buffer's size to an ep's maxpacketsize. >> >> Signed-off-by: Baolin Wang <baolin.wang@...aro.org> >> Acked-by: Michal Nazarewicz <mina86@...a86.com> >> --- >> Changelog: >> v2: >> - Simplify the method to get buffer length. >> v1: >> - Remove the in_ep modification. >> - Remove max_t() function. >> >> drivers/usb/gadget/function/f_midi.c | 11 +++++++---- >> 1 file changed, 7 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c >> index 58fc199..3486941 100644 >> --- a/drivers/usb/gadget/function/f_midi.c >> +++ b/drivers/usb/gadget/function/f_midi.c >> @@ -359,10 +359,13 @@ static int f_midi_set_alt(struct usb_function *f, unsigned intf, unsigned alt) >> >> /* allocate a bunch of read buffers and queue them all at once. */ >> for (i = 0; i < midi->qlen && err == 0; i++) { >> - struct usb_request *req = >> - midi_alloc_ep_req(midi->out_ep, >> - max_t(unsigned, midi->buflen, >> - bulk_out_desc.wMaxPacketSize)); >> + struct usb_request *req; >> + unsigned length; >> + >> + length = usb_ep_align_maybe(midi->gadget, midi->out_ep, >> + midi->buflen); >> + >> + req = midi_alloc_ep_req(midi->out_ep, length); >> if (req == NULL) >> return -ENOMEM; >> >> > > Yes, as mentioned before, my intent was to align the size otherwise an > actual nasty bug happens. > > I have two problems with this approach: > * usb_ep_align_maybe() has a bug that it doesn't convert wMaxPacketSize > endianness to the CPU. See my patch on that[1] subject. Also this Yes, you are right, I missed that. > function uses round_up which expects x and y to be a power of 2, is that > a feasible assumption? I suppose it only expects y is a power of 2. > * If the gadget driver doesn't support quirk_ep_out_aligned_size, > usb_ep_align_maybe() can potentially return a len < wMaxPacketSize. > Basically causing a regression. Okay. > > I believe we should protect this bad behavior on alloc_ep_req() in > drivers/usb/gadget/u_f.c by forcing align the size if the endpoint in > subject is OUT. > > [1] [PATCH 1/4] usb: gadget: f_midi: fixed endianness when using > wMaxPacketSize: https://lkml.org/lkml/2016/7/25/1028 -- Baolin.wang Best Regards
Powered by blists - more mailing lists